Homey WordPress Theme Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in the Homey theme for WordPress, affecting all versions through 2.4.2. The issue arises because the theme allows users registering new accounts to choose their own roles. This functionality can be exploited by unauthenticated attackers to create accounts with elevated privileges, such as Editor or Shop Manager roles.

Impact

Exploitation of this vulnerability allows unauthenticated users to gain elevated privileges by creating accounts with roles that have higher access rights, such as Editor or Shop Manager.

Remediation

Users can update to version 2.4.3 or a newer patched version to address this vulnerability.
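Updating does not change roles already assigned to existing accounts. The following is an added example, not part of the advisory or of the Homey theme: one way to review a user export for accounts holding roles that self-registration should never grant, such as Editor (`editor`) or Shop Manager (`shop_manager`). The allow-list, the staff list, the cutoff date and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime

# ASSUMPTION: roles the site's registration form is meant to grant. Placeholder
# values; replace with the roles your own site offers at sign-up.
SELF_SERVICE_ROLES = {"subscriber", "customer"}
# ASSUMPTION: logins the site owner provisioned deliberately (constructed).
KNOWN_STAFF = {"admin"}

# Constructed sample, shaped like the output of
#   wp user list --fields=ID,user_login,user_registered,roles --format=json
SAMPLE_EXPORT = """[
 {"ID": 1,  "user_login": "admin",      "user_registered": "2023-01-10 09:00:00", "roles": "administrator"},
 {"ID": 4,  "user_login": "old_editor", "user_registered": "2022-03-01 08:30:00", "roles": "editor"},
 {"ID": 7,  "user_login": "guest_anna", "user_registered": "2025-05-02 14:11:09", "roles": "subscriber"},
 {"ID": 12, "user_login": "newuser_x",  "user_registered": "2025-06-03 22:40:51", "roles": "editor"},
 {"ID": 13, "user_login": "shopper_q",  "user_registered": "2025-06-05 01:02:03", "roles": "customer,shop_manager"}
]"""


def audit_users(export_json, since=None, allowed=SELF_SERVICE_ROLES, staff=KNOWN_STAFF):
    """Return (login, unexpected_roles, registered) for accounts that hold a
    role outside the self-registration allow-list."""
    findings = []
    for user in json.loads(export_json):
        if user["user_login"] in staff:
            continue
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        # Optional cutoff, e.g. the date the theme was installed on the site.
        if since is not None and registered < since:
            continue
        # WP-CLI joins multiple roles with commas; normalise before comparing.
        roles = {r.strip().lower() for r in user.get("roles", "").split(",") if r.strip()}
        unexpected = sorted(roles - allowed)
        if unexpected:
            findings.append((user["user_login"], unexpected, user["user_registered"]))
    return findings


if __name__ == "__main__":
    # Constructed cutoff date for the sample run.
    for login, roles, registered in audit_users(SAMPLE_EXPORT, since=datetime(2025, 1, 1)):
        print(f"REVIEW {login}: {', '.join(roles)} (registered {registered})")
```

Each flagged account still needs a manual decision: a legitimate editor created by an administrator will appear in the output unless it is listed in `KNOWN_STAFF`.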

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.